Tech fans who flocked to try out DeepSeek will want to think twice about what the app is doing – just days after vulnerabilities were found in the iOS app, a research team at Security Scorecard has found similar privacy concerns in the Android app as well.
Despite the app’s rise in popularity after the release of the R1 reasoning model, several countries including Australia, Italy and Taiwan have banned it from use in government departments or on government devices amid privacy concerns. While the latest report from Security Scorecard doesn’t show any overtly malicious behavior, it does point to some overall poor security practices.
The app's privacy policy details additional risky behavior such as collecting “text or audio inputs, prompts, uploaded files, feedback and chat history.” It also gathers technical information like IP addresses, operating system, device model and – most concerningly – “keystroke patterns or rhythms.” This last part is considered most intrusive as it can be used to infer both identity and behavior.
Security Scorecard analyzed the app and identified these issues based on the CWE (Common Weakness Enumeration) list. High risk weaknesses include things like hardcoded keys, SQL injection risks, improper file permissions, while analysis of DeepSeek’s Smali code revealed multiple anti-debugging techniques. If debugging is detected; the application force closes itself to prevent analysis.
More from Tom's Guide
- It's Safer Internet Day – here are 5 tips to help you be safer online
- iOS 18.3.1 — update your iPhone right now to fix critical zero-day vulnerability
- Millions of Mac owners urged to be on alert for info-stealing malware
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
